4 Commits

  • [codex] Apply a Dependabot cooldown of 7 days (#21599)
    This adds 7-day cooldowns to all of our Dependabot ecosystem blocks. Our
    Dependabot runs will continue at the same cadence as before, but the
    scheduled PRs will no suggest updates that are fewer than 7 days old
    themselves. This serves two purposes: to let dependencies "bake" for a
    bit in terms of stability before we adopt them, and to give third-party
    security services/tooling a chance to detect and revoke malware.
    
    This should have no functional changes/consequences besides how rapidly
    we get (non-security) updates. Dependabot security PRs can still be
    scheduled and will bypass the cooldown.
  • Enable Dependabot updates for Rust toolchain (#2460)
    This change allows Dependabot to update the Rust toolchain version
    defined in `rust-toolchain.toml`. See [Dependabot now supports Rust
    toolchain updates - GitHub
    Changelog](https://github.blog/changelog/2025-08-19-dependabot-now-supports-rust-toolchain-updates/)
    for more details.
  • chore: drop codex-cli from dependabot (#1523)
    We are not actively developing `codex-cli`, so I would rather leave the
    existing `pnpm-lock.yaml` files as-is.
  • chore(rs): update dependencies (#1494)
    ### Chores
    - Update cargo dependencies
    - Remove unused cargo dependencies
    - Fix clippy warnings
    - Update Dockerfile (package.json requires node 22)
    - Let Dependabot update bun, cargo, devcontainers, docker,
    github-actions, npm (nix still not supported)
    
    ### TODO
    - Upgrade dependencies with breaking changes
    
    ```shell
    $ cargo update --verbose
       Unchanged crossterm v0.28.1 (available: v0.29.0)
       Unchanged schemars v0.8.22 (available: v1.0.4)
    ```